Development

Part of Emerald Onion’s mission is to share our actions in detail in order to help educate others who wish to create their own human-rights focused transit internet service provider. We have a vision that entails many trusted nonprofits setting up and operating long-term, stable, and fast Tor routing operations. Below you will find a high level overview of tasks that we needed to complete in order to create Emerald Onion. As we develop, we will publish greater detail behind each action by linking to a related blog post or external resource.

  1. Invite meaningful and trusted people for the board of directors, executive leadership, and advisory board.
  2. Create a mission and vision statements, and organizational goals.
  3. Setup a password manager on a secured workstation for generating and documenting organizational passwords.
  4. Purchase a domain name, setup the website, and setup social media accounts.
  5. Setup Microsoft hosted email service for Admin@ and Abuse@. Once you become a 501(c)3, Microsoft provides free enterprise services.
  6. Setup a UPS Store mailbox for registration (your primary “place of business” address) and find Registered Agent services for your registered agent (a legitimate Registered Agent is required).
  7. Apply for Washington State nonprofit status.
  8. Begin contacting local data center service providers who will help by reducing costs for nonprofits.
  9. Apply for Employer Identification Number (EIN/TIN) from IRS, even without paid employees.
  10. Apply for a business bank account with a local nonprofit credit union and obtain debit cards.
  11. Apply for 501(c)3 status using the 1023-EZ (See our 1023-EZ).
  12. Once your Charity status has been granted by the IRS, sign up the org for PayPal’s Nonprofit services, Google One Today, and Amazon Smile as funding streams.
  13. Apply for a Tor Servers grant, if available.
  14. Setup a phone call with chosen legal representation to discuss optional support then request a “Form Engagement Letter” from legal representation, if needed.
  15. Request a quote to create a general legal FAQ and abuse response templates for managing complaints from our upstream ISP and direct complaints.
  16. Deposit enough funds for the first two months of  insurance, the first two months of data center service, legal service costs, all RIR registration and IP allocation costs, and all hardware costs.
  17. Purchase computer parts for a Tor router and edge router.
  18. Setup a Zendesk free trial for testing, tracking, and responding to Abuse@ communications, and set up automated responses with the Legal FAQ.
  19. Create ARIN POC records for your organization.
  20. Setup insurance provider(s) needed for data center co-location service, including “commercial general liability”, “business property protection”, and “professional liability” insurance.
  21. Finalize negotiating all fees with your data center and IP transit service (ISP) providers and then sign contracts. The transit provider needs to perform an IP SWIP for updating ARIN’s WHOIS.
  22. After being provided leased IP scopes from your ISP, apply for an AS number. Then apply for your own IPv6 and IPv4 scopes (See our request details).
  23. Publish donation page, legal FAQ, mission, and vision statements on the website.
  24. Deploy the routers in the data center. Only run Tor middle relays until securing and configuring RIR-provisioned IP scopes.
  25. Create an informational letter for explaining the organization, providing contact information, and offer free and personalized education for our ISP and local law enforcement organizations, then submit it to the respective organizations.
  26. Actively publish work performed on social media and the blog.

 

Upcoming Changes

  1. Rebuild the Firewall & Tor server with a custom build of HardenedBSD
  2. Harden Firewall & Tor server with a new encryption and boot scheme
  3. Implement further DNS privacy protections

 

Future State

  • Re-IP the network to support better organization – Undervillain
  • Deploy central logging and monitoring server to facilitate auditing, error, performance and availability logging – XanaduRegio
  • Design secure out of band remote administration – Undervillain & XanaduRegio
  • Create network diagram in something like Visio – XanaduRegio & Undervillain
  • pfSense blog post – XanaduRegio
  • HardenedBSD Firewall/Router blog post – Undervillain
  • Develop legal hosting agreements for entities we wish to provide or charge for hosting. – XanaduRegio & Matt
  • Create list of current and potential SIX peers – XanaduRegio
  • Publish a blog post on current hardware – Yawnbox
  • System Backups (Key Escrow, configs) – Undervillain
  • Assist other organizations with doing similar colocation and hosting – XanaduRegio
  • Further develop donation strategy – Yawnbox
  • Find a solution for a CMDB – XanaduRegio
  • Fork HardenedBSD for an Emerald Onion OS (To be named later) – Undervillain
  • Replace ntpd with openntpd – Undervillain
  • Change management Procedures – XanaduRegio